FBI/MoneyPak Virus and HitmanPro does not find anything

Fiery · May 10, 2013

Hi martinjr and welcome to MalwareTips!

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:

Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
Please be patient and stay with me until I give you the green lights and inform you that your PC is clean.
Some tools may be flagged by your antivirus as harmful. Rest assure that ALL the tools we use are safe, the detections are false positives.
The absence of symptoms does not mean your PC is fully disinfected.
If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

<hr>
Download Farbar Recovery Scan Tool from the below link:
<ul><li>For 64 bit systems download <a title="External link" href="http://download.bleepingcomputer.com/farbar/FRST64.exe" rel="nofollow external"><>Farbar Recovery Scan Tool x64</></a> and save it to a USB/flash drive.</li>

<li>Plug the flashdrive into the infected PC.</li>

<li>Enter <>System Recovery Options</>.</li>

<>To enter System Recovery Options from the Advanced Boot Options:</>
<ul>
<li>Restart the computer.</li>
<li>As soon as the BIOS is loaded begin tapping the<> F8</> key until Advanced Boot Options appears.</li>
<li>Use the arrow keys to select the <>Repair your computer</> menu item.</li>
<li>Select <>US</> as the keyboard language settings, and then click <>Next</>.</li>
<li>Select the operating system you want to repair, and then click <>Next</>.</li>
<li>Select your user account an click <>Next</>.</li>
</ul>

<li>On the System Recovery Options menu you will get the following options:
<pre>Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt</pre>
<ol>
<li>Select <>Command Prompt</></li>
<li>In the command window type in <>notepad</> and press <>Enter</>.</li>
<li>The notepad opens. Under File menu select <>Open</>.</li>
<li>Select "Computer" and find your flash drive letter and close the notepad.</li>
<li>In the command window type <>e:\frst64</> and press <>Enter</>
<>Note:</> Replace letter <>e</> with the drive letter of your flash drive.</li>
<li>The tool will start to run.</li>
<li>When the tool opens click <>Yes</> to disclaimer.</li>
<li>Press <>Scan</> button.</li>
<li><>FRST</> will let you know when the scan is complete and has written the <>FRST.txt</> to file, close the message.
<li>Type exit</li>
<li>Please copy and paste FRST.txt in your next reply</li></li>
</ol>
</ul>

martinjr · May 10, 2013

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2013 01
Ran by SYSTEM on 10-05-2013 03:36:05
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10228224 2010-11-03] (Intel Corporation)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [3926528 2010-08-23] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [968048 2012-02-01] ()
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454160 2012-10-07] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454160 2012-10-07] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Meghan\...\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe [45056 2005-04-29] ()
HKU\Meghan\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Meghan\Documents\773d14c.exe [30208 2013-05-10] ()
HKU\Meghan\...\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin [706776 2013-03-15] (Adobe Systems Incorporated)
HKU\Meghan\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [378952 2012-10-25] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-06] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-10-29] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [177680 2012-10-29] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\system32\drivers\cfwids.sys [69672 2012-10-29] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [178840 2012-10-29] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-10-29] (McAfee, Inc.)
S3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [515528 2012-10-29] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-10-29] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339392 2012-10-29] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-10 20:25 - 2013-05-10 20:25 - 01096095 ____A C:\Users\Meghan\Local Settings\Application Data\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096095 ____A C:\Users\Meghan\Local Settings\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096095 ____A C:\Users\Meghan\AppData\Local\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096067 ____A C:\Users\Meghan\Application Data\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096067 ____A C:\Users\Meghan\AppData\Roaming\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096049 ____A C:\ProgramData\Application Data\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096049 ____A C:\ProgramData\2433f433
2013-05-10 20:24 - 2013-05-10 20:24 - 00030208 ____A C:\Users\Meghan\My Documents\773d14c.exe
2013-05-10 20:24 - 2013-05-10 20:24 - 00030208 ____A C:\Users\Meghan\Documents\773d14c.exe
2013-05-10 03:35 - 2013-05-10 03:35 - 00000000 ____D C:\FRST
2013-05-10 02:05 - 2013-05-10 02:05 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-10 02:03 - 2013-05-10 02:08 - 00006041 ____A C:\Windows\IE10_main.log
2013-05-10 01:10 - 2013-05-10 01:10 - 00000000 ____D C:\Program Files\HitmanPro
2013-05-10 00:39 - 2013-05-10 00:47 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-10 00:39 - 2013-05-10 00:47 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-04-24 13:44 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-13 14:22 - 2013-04-13 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-12 02:01 - 2013-02-22 01:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-12 02:01 - 2013-02-22 01:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-12 02:01 - 2013-02-22 01:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-12 02:01 - 2013-02-22 01:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-12 02:01 - 2013-02-22 01:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-12 02:01 - 2013-02-22 01:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-12 02:01 - 2013-02-22 01:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-12 02:01 - 2013-02-22 01:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-12 02:01 - 2013-02-22 01:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-12 02:01 - 2013-02-22 01:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-12 02:01 - 2013-02-22 01:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-12 02:01 - 2013-02-22 01:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-12 02:01 - 2013-02-22 01:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-12 02:01 - 2013-02-22 01:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-12 02:01 - 2013-02-22 01:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-12 02:01 - 2013-02-22 01:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-12 02:01 - 2013-02-21 23:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-12 02:01 - 2013-02-21 22:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-12 02:01 - 2013-02-21 22:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-12 02:01 - 2013-02-21 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-12 02:01 - 2013-02-21 22:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-12 02:01 - 2013-02-21 22:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-12 02:01 - 2013-02-21 22:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-12 02:01 - 2013-02-21 22:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-12 02:01 - 2013-02-21 22:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-12 02:01 - 2013-02-21 22:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-12 02:01 - 2013-02-21 22:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-12 02:01 - 2013-02-21 22:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-12 02:01 - 2013-02-21 22:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-12 02:01 - 2013-02-21 22:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-12 02:01 - 2013-02-21 22:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-12 02:01 - 2013-02-21 22:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-11 16:21 - 2013-03-19 01:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-11 16:21 - 2013-03-19 00:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-11 16:21 - 2013-03-19 00:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-11 16:21 - 2013-03-19 00:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-11 16:21 - 2013-03-18 23:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-11 16:21 - 2013-03-18 22:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-11 16:21 - 2013-02-28 22:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-11 16:21 - 2013-02-15 01:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-11 16:21 - 2013-02-15 01:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-11 16:21 - 2013-02-15 01:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-11 16:21 - 2013-02-14 23:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-11 16:21 - 2013-02-14 23:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-11 16:21 - 2013-02-14 22:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-11 16:21 - 2013-01-24 01:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

==================== One Month Modified Files and Folders =======

2013-05-10 20:25 - 2013-05-10 20:25 - 01096095 ____A C:\Users\Meghan\Local Settings\Application Data\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096095 ____A C:\Users\Meghan\Local Settings\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096095 ____A C:\Users\Meghan\AppData\Local\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096067 ____A C:\Users\Meghan\Application Data\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096067 ____A C:\Users\Meghan\AppData\Roaming\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096049 ____A C:\ProgramData\Application Data\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096049 ____A C:\ProgramData\2433f433
2013-05-10 20:24 - 2013-05-10 20:24 - 00030208 ____A C:\Users\Meghan\My Documents\773d14c.exe
2013-05-10 20:24 - 2013-05-10 20:24 - 00030208 ____A C:\Users\Meghan\Documents\773d14c.exe
2013-05-10 03:35 - 2013-05-10 03:35 - 00000000 ____D C:\FRST
2013-05-10 02:26 - 2011-08-16 09:37 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-05-10 02:26 - 2011-08-16 09:37 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-05-10 02:26 - 2011-08-16 09:37 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-05-10 02:26 - 2011-08-16 09:37 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-05-10 02:26 - 2011-08-16 09:37 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-05-10 02:26 - 2011-08-16 09:37 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-05-10 02:26 - 2011-08-16 09:24 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-05-10 02:26 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-10 02:26 - 2009-07-13 23:51 - 00054447 ____A C:\Windows\setupact.log
2013-05-10 02:15 - 2011-08-16 08:39 - 01759049 ____A C:\Windows\WindowsUpdate.log
2013-05-10 02:15 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-10 02:15 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-10 02:09 - 2011-12-25 16:58 - 00000000 ____D C:\users\Meghan
2013-05-10 02:08 - 2013-05-10 02:03 - 00006041 ____A C:\Windows\IE10_main.log
2013-05-10 02:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-05-10 02:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-05-10 02:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-10 02:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-10 02:07 - 2012-04-08 10:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-10 02:05 - 2013-05-10 02:05 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-10 02:04 - 2009-07-14 00:13 - 00779788 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-10 01:10 - 2013-05-10 01:10 - 00000000 ____D C:\Program Files\HitmanPro
2013-05-10 00:47 - 2013-05-10 00:39 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-10 00:47 - 2013-05-10 00:39 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-05-08 18:22 - 2012-11-09 17:25 - 00001846 ____A C:\Users\Public\Desktop\McAfee AntiVirus.lnk
2013-05-08 18:22 - 2012-11-09 17:25 - 00001846 ____A C:\ProgramData\Desktop\McAfee AntiVirus.lnk
2013-05-01 09:09 - 2011-08-16 09:12 - 00000000 ____D C:\ProgramData\Sonic
2013-05-01 09:09 - 2011-08-16 09:12 - 00000000 ____D C:\ProgramData\Application Data\Sonic
2013-05-01 09:00 - 2012-05-25 15:31 - 00000000 ____D C:\Users\Meghan\Application Data\SoftGrid Client
2013-05-01 09:00 - 2012-05-25 15:31 - 00000000 ____D C:\Users\Meghan\AppData\Roaming\SoftGrid Client
2013-04-25 02:17 - 2012-05-01 19:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-20 09:18 - 2012-10-01 18:57 - 00012473 ____A C:\Users\Meghan\Desktop\Things to Do before Baby Arrives.odt
2013-04-13 14:22 - 2013-04-13 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-13 10:45 - 2013-03-17 16:37 - 00070656 ____A C:\Users\Meghan\Desktop\Baby Announcement.xls
2013-04-12 09:45 - 2013-04-24 13:44 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-12 02:23 - 2009-07-13 23:45 - 00348680 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-12 02:02 - 2012-04-16 15:44 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-27 02:01:22
Restore point made on: 2013-04-12 02:01:10
Restore point made on: 2013-04-25 02:01:07
Restore point made on: 2013-05-08 18:43:01
Restore point made on: 2013-05-10 02:03:10

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 6051.17 MB
Available physical RAM: 5186.45 MB
Total Pagefile: 6049.37 MB
Available Pagefile: 5180.77 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:520.2 GB) NTFS (Disk=0 Partition=3)
Drive e: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.05 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive f: (USB DISK) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 72715EB0)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

Last Boot: 2013-05-08 18:35

==================== End Of Log ============================

Fiery · May 10, 2013

Hi,

On another PC, open notepad and copy & paste the following:

HKU\Meghan\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Meghan\Documents\773d14c.exe [30208 2013-05-10] ()
C:\Users\Meghan\Documents\773d14c.exe
2013-05-10 20:25 - 2013-05-10 20:25 - 01096095 ____A C:\Users\Meghan\Local Settings\Application Data\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096095 ____A C:\Users\Meghan\Local Settings\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096095 ____A C:\Users\Meghan\AppData\Local\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096067 ____A C:\Users\Meghan\Application Data\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096067 ____A C:\Users\Meghan\AppData\Roaming\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096049 ____A C:\ProgramData\Application Data\2433f433
2013-05-10 20:25 - 2013-05-10 20:25 - 01096049 ____A C:\ProgramData\2433f433
2013-05-10 20:24 - 2013-05-10 20:24 - 00030208 ____A C:\Users\Meghan\My Documents\773d14c.exe
2013-05-10 20:24 - 2013-05-10 20:24 - 00030208 ____A C:\Users\Meghan\Documents\773d14c.exe

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Then attempt to boot normally. If successful,

Download Malwarebytes Anti-Rootkit from here to your Desktop

Unzip the contents to a folder on your Desktop.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Make sure there is a check next to Create Restore Point and click the Cleanup button to remove any threats. Reboot if prompted to do so.
After the reboot, perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If there are threats, click Cleanup once more and reboot.
When done, please post the two logs in the MBAR folder(mbar-log.txt and system-log.txt)

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool(For Vista or Windows 7, right-click and select Run as Administrator to start)
Click delete
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt

Download & SAVE to your Desktop RogueKiller or from here

Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select Run as Administrator to start
Wait until Prescan has finished, then click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click delete and wait until it saids deleting finished
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

martinjr · May 11, 2013

OK, THANKS SO FAR! I'VE FOLLOWED THE INSTRUCTIONS AND POSTED THE "FIXLOG" ADDED TO MY USB DRIVE:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-05-2013 01
Ran by SYSTEM at 2013-05-10 11:29:54 Run:1
Running from F:\
Boot Mode: Recovery
==============================================

HKEY_USERS\Meghan\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
C:\Users\Meghan\Documents\773d14c.exe => Moved successfully.
C:\Users\Meghan\Local Settings\Application Data\2433f433 => Moved successfully.
C:\Users\Meghan\Local Settings\2433f433 => File/Directory not found.
C:\Users\Meghan\AppData\Local\2433f433 => File/Directory not found.
C:\Users\Meghan\Application Data\2433f433 => Moved successfully.
C:\Users\Meghan\AppData\Roaming\2433f433 => File/Directory not found.
C:\ProgramData\Application Data\2433f433 => Moved successfully.
C:\ProgramData\2433f433 => File/Directory not found.
C:\Users\Meghan\My Documents\773d14c.exe => File/Directory not found.
C:\Users\Meghan\Documents\773d14c.exe => File/Directory not found.

==== End of Fixlog ====

Fiery · May 11, 2013

Ok. Were you able to move on to the other steps?

martinjr · May 11, 2013

Fiery said:
Ok. Were you able to move on to the other steps?

(Sorry, I thought I put that info in a separate reply)

I rebooted as normal without the USB drive. While the FBI Virus screen does not appear, windows loading stalled at a black command screen with following message at the end: "C:\users\Meghan\Documents\773d14c.exe" is not recognized as an internal or external command, operable program or batch file." Followed by the C:\windows\system32> prompt.

Ctrl+Alt+Del works and I can access task manager, but windows will not load. McAfee at one point loaded. As such, I was unable to proceed with the other steps.

Fiery · May 11, 2013

Hi,

Can you perform another scan with FRST with the same instructions as in Post #2

martinjr · May 11, 2013

Fiery said:
Hi,

Can you perform another scan with FRST with the same instructions as in Post #2

OK thanks. I'll rerun to get another FRST.txt log from running a scan (I think that's what you mean)

martinjr · May 11, 2013

martinjr said:
Fiery said:

Hi,

Can you perform another scan with FRST with the same instructions as in Post #2

Click to expand...

OK thanks. I'll rerun to get another FRST.txt log from running a scan (I think that's what you mean)

I reran the SCAN and here is the FRST.txt output (also attached):

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-05-2013 01
Ran by SYSTEM on 10-05-2013 17:55:17
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10228224 2010-11-03] (Intel Corporation)
HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot [3926528 2010-08-23] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [968048 2012-02-01] ()
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454160 2012-10-07] (McAfee, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454160 2012-10-07] (McAfee, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKU\Meghan\...\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe [45056 2005-04-29] ()
HKU\Meghan\...\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin [706776 2013-03-15] (Adobe Systems Incorporated)
HKU\Meghan\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [378952 2012-10-25] (McAfee, Inc.)
S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-07] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-06] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-10-29] (McAfee, Inc.)
S2 mfevtp; C:\windows\system32\mfevtps.exe [177680 2012-10-29] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\system32\drivers\cfwids.sys [69672 2012-10-29] (McAfee, Inc.)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [178840 2012-10-29] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-10-29] (McAfee, Inc.)
S3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [515528 2012-10-29] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-10-29] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [328976 2012-11-02] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [97208 2012-11-02] (McAfee, Inc.)
S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339392 2012-10-29] (McAfee, Inc.)
S3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-10 03:35 - 2013-05-10 03:35 - 00000000 ____D C:\FRST
2013-05-10 02:05 - 2013-05-10 02:05 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-10 02:03 - 2013-05-10 02:08 - 00006041 ____A C:\Windows\IE10_main.log
2013-05-10 01:10 - 2013-05-10 01:10 - 00000000 ____D C:\Program Files\HitmanPro
2013-05-10 00:39 - 2013-05-10 00:47 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-10 00:39 - 2013-05-10 00:47 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-04-24 13:44 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-13 14:22 - 2013-04-13 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-12 02:01 - 2013-02-22 01:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-12 02:01 - 2013-02-22 01:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-12 02:01 - 2013-02-22 01:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-12 02:01 - 2013-02-22 01:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-12 02:01 - 2013-02-22 01:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-12 02:01 - 2013-02-22 01:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-12 02:01 - 2013-02-22 01:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-12 02:01 - 2013-02-22 01:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-12 02:01 - 2013-02-22 01:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-12 02:01 - 2013-02-22 01:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-12 02:01 - 2013-02-22 01:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-12 02:01 - 2013-02-22 01:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-12 02:01 - 2013-02-22 01:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-12 02:01 - 2013-02-22 01:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-12 02:01 - 2013-02-22 01:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-12 02:01 - 2013-02-22 01:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-12 02:01 - 2013-02-21 23:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-12 02:01 - 2013-02-21 22:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-12 02:01 - 2013-02-21 22:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-12 02:01 - 2013-02-21 22:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-12 02:01 - 2013-02-21 22:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-12 02:01 - 2013-02-21 22:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-12 02:01 - 2013-02-21 22:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-12 02:01 - 2013-02-21 22:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-12 02:01 - 2013-02-21 22:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-12 02:01 - 2013-02-21 22:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-12 02:01 - 2013-02-21 22:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-12 02:01 - 2013-02-21 22:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-12 02:01 - 2013-02-21 22:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-12 02:01 - 2013-02-21 22:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-12 02:01 - 2013-02-21 22:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-12 02:01 - 2013-02-21 22:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-11 16:21 - 2013-03-19 01:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-11 16:21 - 2013-03-19 00:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-11 16:21 - 2013-03-19 00:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-11 16:21 - 2013-03-19 00:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-11 16:21 - 2013-03-18 23:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-11 16:21 - 2013-03-18 22:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-11 16:21 - 2013-02-28 22:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-11 16:21 - 2013-02-15 01:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-11 16:21 - 2013-02-15 01:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-11 16:21 - 2013-02-15 01:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-11 16:21 - 2013-02-14 23:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-11 16:21 - 2013-02-14 23:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-11 16:21 - 2013-02-14 22:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-11 16:21 - 2013-01-24 01:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

==================== One Month Modified Files and Folders =======

2013-05-10 16:50 - 2011-08-16 09:37 - 00000000 ____D C:\Users\Default\Local Settings\SoftThinks
2013-05-10 16:50 - 2011-08-16 09:37 - 00000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2013-05-10 16:50 - 2011-08-16 09:37 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-05-10 16:50 - 2011-08-16 09:37 - 00000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2013-05-10 16:50 - 2011-08-16 09:37 - 00000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2013-05-10 16:50 - 2011-08-16 09:37 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-05-10 16:50 - 2011-08-16 09:24 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-05-10 16:50 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-10 16:50 - 2009-07-13 23:51 - 00055445 ____A C:\Windows\setupact.log
2013-05-10 15:51 - 2011-08-16 08:39 - 01852799 ____A C:\Windows\WindowsUpdate.log
2013-05-10 15:43 - 2012-11-09 17:25 - 00001846 ____A C:\Users\Public\Desktop\McAfee AntiVirus.lnk
2013-05-10 15:43 - 2012-11-09 17:25 - 00001846 ____A C:\ProgramData\Desktop\McAfee AntiVirus.lnk
2013-05-10 15:33 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-10 15:33 - 2009-07-13 23:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-10 15:30 - 2009-07-14 00:13 - 00779788 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-10 11:07 - 2012-04-08 10:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-10 03:35 - 2013-05-10 03:35 - 00000000 ____D C:\FRST
2013-05-10 02:09 - 2011-12-25 16:58 - 00000000 ____D C:\users\Meghan
2013-05-10 02:08 - 2013-05-10 02:03 - 00006041 ____A C:\Windows\IE10_main.log
2013-05-10 02:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-05-10 02:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-05-10 02:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-05-10 02:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-05-10 02:05 - 2013-05-10 02:05 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-10 02:05 - 2013-05-10 02:05 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-10 01:10 - 2013-05-10 01:10 - 00000000 ____D C:\Program Files\HitmanPro
2013-05-10 00:47 - 2013-05-10 00:39 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-10 00:47 - 2013-05-10 00:39 - 00000000 ____D C:\ProgramData\Application Data\HitmanPro
2013-05-01 09:09 - 2011-08-16 09:12 - 00000000 ____D C:\ProgramData\Sonic
2013-05-01 09:09 - 2011-08-16 09:12 - 00000000 ____D C:\ProgramData\Application Data\Sonic
2013-05-01 09:00 - 2012-05-25 15:31 - 00000000 ____D C:\Users\Meghan\Application Data\SoftGrid Client
2013-05-01 09:00 - 2012-05-25 15:31 - 00000000 ____D C:\Users\Meghan\AppData\Roaming\SoftGrid Client
2013-04-25 02:17 - 2012-05-01 19:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-20 09:18 - 2012-10-01 18:57 - 00012473 ____A C:\Users\Meghan\Desktop\Things to Do before Baby Arrives.odt
2013-04-13 14:22 - 2013-04-13 14:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-13 10:45 - 2013-03-17 16:37 - 00070656 ____A C:\Users\Meghan\Desktop\Baby Announcement.xls
2013-04-12 09:45 - 2013-04-24 13:44 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-12 02:23 - 2009-07-13 23:45 - 00348680 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-12 02:02 - 2012-04-16 15:44 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-27 02:01:22
Restore point made on: 2013-04-12 02:01:10
Restore point made on: 2013-04-25 02:01:07
Restore point made on: 2013-05-08 18:43:01
Restore point made on: 2013-05-10 02:03:10

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 6051.17 MB
Available physical RAM: 5183.19 MB
Total Pagefile: 6049.37 MB
Available Pagefile: 5172.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.42 GB) (Free:519.73 GB) NTFS (Disk=0 Partition=3)
Drive e: (USB DISK) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT (Disk=1 Partition=1)
Drive f: (Recovery) (Fixed) (Total:14.65 GB) (Free:7.05 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 72715EB0)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=581 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=06)

Last Boot: 2013-05-08 18:35

==================== End Of Log ============================

Fiery · May 11, 2013

Hi,

Open notepad and copy & paste the following:

HKU\Meghan\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Now try to reboot again.

martinjr · May 11, 2013

Fiery said:
Hi,

Open notepad and copy & paste the following:

HKU\Meghan\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation)

Click to expand...

and save it as fixlist.txt onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Now try to reboot again.

Holy cow, I'm now on my desktop, thanks! Based on your prior instruction, I assume there will be some more steps.

Here is the file output:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-05-2013 01
Ran by SYSTEM at 2013-05-10 18:37:19 Run:3
Running from F:\
Boot Mode: Recovery
==============================================

HKEY_USERS\Meghan\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.

==== End of Fixlog ====

Fiery · May 11, 2013

That's good!

Yes, there are a few more steps. Follow the instructions in Post #4 for the next steps

http://malwaretips.com/Thread-FBI-MoneyPak-Virus-and-HitmanPro-does-not-find-anything?pid=119995#pid119995

martinjr · May 11, 2013

Fiery said:
That's good!

Yes, there are a few more steps. Follow the instructions in Post #4 for the next steps

http://malwaretips.com/Thread-FBI-MoneyPak-Virus-and-HitmanPro-does-not-find-anything?pid=119995#pid119995

I completed the download, install and scan using Malwarebytes anti-root kit. Rebooted and rescanned; nothing found during either scan. Attached are logs. I am proceeding with the AdwCleaner.

martinjr · May 11, 2013

martinjr said:
Fiery said:

That's good!

Yes, there are a few more steps. Follow the instructions in Post #4 for the next steps

http://malwaretips.com/Thread-FBI-MoneyPak-Virus-and-HitmanPro-does-not-find-anything?pid=119995#pid119995

Click to expand...

I completed the download, install and scan using Malwarebytes anti-root kit. Rebooted and rescanned; nothing found during either scan. Attached are logs. I am proceeding with the AdwCleaner.

Downloaded, installed, and ran AdwCleaner. Attached is the log. I am proceeding with RogueKiller

martinjr · May 11, 2013

martinjr said:
martinjr said:

Fiery said:

That's good!

Yes, there are a few more steps. Follow the instructions in Post #4 for the next steps

http://malwaretips.com/Thread-FBI-MoneyPak-Virus-and-HitmanPro-does-not-find-anything?pid=119995#pid119995

Click to expand...

I completed the download, install and scan using Malwarebytes anti-root kit. Rebooted and rescanned; nothing found during either scan. Attached are logs. I am proceeding with the AdwCleaner.

Click to expand...

Downloaded, installed, and ran AdwCleaner. Attached is the log. I am proceeding with RogueKiller

Last but not least, I completed RogueKiller. The logs are attached. I believe this was the last step. Can/should I deleted these applications from the desktop? Thanks so much! I'll wait to hear if there is anything else that needs done, based on the logs.

Fiery · May 11, 2013

Looking good. A few more steps.

Please download Malwarebytes' Anti-Malware from here to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
- Update Malwarebytes' Anti-Malware
- and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
When it prompts you to try their 30-day trail, click decline
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidently close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Download OTL by Old Timer from here and save it to your Desktop.

Double click on OTL.exe to run it.
Click the Scan All Users checkbox.
Check the boxes beside LOP Check and Purity Check
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extra.txt <-- Will be minimized
Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072

Run Eset NOD32 Online AntiVirus here

Note: You will need to use Internet Explorer for this scan.
Vista / 7 users: You will need to to right-click on the Internet Explorer icon and select Run as Administrator

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your current antivirus software. You can usually do this with its Notfication Tray icon near the clock.
Make sure that the option "Remove found threats" is Un-checked, and the following Advance Settings are Checked
- Scan unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Click Scan
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log in your next reply to this topic.
The log can also be found in logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt

martinjr · May 11, 2013

Fiery said:
Looking good. A few more steps.

Please download Malwarebytes' Anti-Malware from here to your desktop.
...

Download OTL by Old Timer from here and save it to your Desktop.
...
Run Eset NOD32 Online AntiVirus here

Ran Malwarebytes. I couldn't click to see results or delete anything because I don't think if found anything. Attached is log. Proceeding with OTL.

martinjr · May 11, 2013

martinjr said:
Fiery said:

Looking good. A few more steps.

Please download Malwarebytes' Anti-Malware from here to your desktop.
...

Download OTL by Old Timer from here and save it to your Desktop.
...
Run Eset NOD32 Online AntiVirus here

Click to expand...

Ran Malwarebytes. I couldn't click to see results or delete anything because I don't think if found anything. Attached is log. Proceeding with OTL.

Ran OTL. 2 Logs attached. Proceeding with running last link...

Fiery · May 11, 2013

Ok, also let me know how your PC is running.

FBI/MoneyPak Virus and HitmanPro does not find anything

New Member

Level 1

New Member

Level 1

New Member

Level 1

New Member

Level 1

New Member

New Member

Attachments

Level 1

New Member

Level 1

New Member

Attachments

New Member

Attachments

New Member

Attachments

Level 1

New Member

Attachments

New Member

Attachments

Level 1

Similar threads